Hey guys, I find myself implementing the refresh token for a project.
I was wondering how to use it properly.
My idea would be to use a service between my frontend and Auth0: pass the login details from the frontend to the backend, and then the backend forwards these details to Auth0. Then, when the response comes back, extract the refresh token and send it back as an httpOnly cookie to the frontend, so when the user refreshes the browser's tab, I can call oauth/token and issue a new JWT if it proceeds by calling the backend; the backend then captures that cookie and uses it.
I wonder if there is a way to make Auth0 set the cookie for me so I don't need to use a service in the middle. Something like res.setCookie('rf', refreshTokenValue), and then for any successive calls to oauth/token, expect this cookie in the request, parse it and reissue the appropriate JWT.
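
The backend-in-the-middle flow described in the post, sketched as an added example (not part of the original post and not Auth0's own code): the cookie the backend would set, and the refresh-token grant it would build from that cookie on a later call. The cookie name `rf` comes from the post; the tenant URL, client id and the `/api/refresh` route are placeholders assumed for illustration.

```javascript
// Added example: cookie handling for a backend sitting between the
// frontend and Auth0. Tenant URL, client id and cookie path are placeholders.
const CONFIG = {
  tokenUrl: 'https://YOUR_TENANT.example/oauth/token', // placeholder
  clientId: 'YOUR_CLIENT_ID',                          // placeholder
  cookieName: 'rf',            // name used in the post
  cookiePath: '/api/refresh',  // hypothetical backend route
};

// Build the Set-Cookie value that carries the refresh token.
// HttpOnly keeps it away from page scripts, Secure limits it to HTTPS,
// SameSite=Strict stops cross-site requests from sending it, and the
// narrow Path means only the refresh route ever receives it.
function buildRefreshCookie(refreshToken, maxAgeSeconds) {
  return [
    `${CONFIG.cookieName}=${encodeURIComponent(refreshToken)}`,
    `Max-Age=${maxAgeSeconds}`,
    `Path=${CONFIG.cookiePath}`,
    'HttpOnly', 'Secure', 'SameSite=Strict',
  ].join('; ');
}

// Pull the refresh token out of an incoming Cookie header, or null.
function readRefreshCookie(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === CONFIG.cookieName) {
      try { return decodeURIComponent(part.slice(eq + 1).trim()) || null; }
      catch { return null; } // malformed percent-encoding
    }
  }
  return null;
}

// Describe the refresh-token grant the backend would POST to oauth/token.
// Returns null when the cookie is missing so the caller can answer 401.
// A confidential client would also send its client_secret in the body.
function buildRefreshGrant(cookieHeader) {
  const refreshToken = readRefreshCookie(cookieHeader);
  if (!refreshToken) return null;
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: CONFIG.clientId,
    refresh_token: refreshToken,
  });
  return { url: CONFIG.tokenUrl, method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString() };
}
```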